8 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. Se descubrió un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contraseña tiene un signo igual o un espacio. • https://advisories.stormshield.eu/2023-006 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. En Stormshield Network Security (SNS) antes de la versión 3.7.25, de la 3.8.x a la 3.11.x antes de la 3.11.13, de la 4.x antes de la 4.2.10 y de la 4.3.x antes de la 4.3.5, una avalancha de conexiones al servicio SSLVPN podría provocar la saturación de la interfaz de loopback. Esto podría resultar en el bloqueo de casi todo el tráfico de red, haciendo que el firewall sea inalcanzable. • https://advisories.stormshield.eu/2022-003 •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. En ASQ en Stormshield Network Security (SNS) versiones 1.0.0 hasta 2.7.8, 2.8.0 hasta 2.16.0, 3.0.0 hasta 3.7.20, 3.8.0 hasta 3.11.8, y 4.0.1 hasta 4.2.2, un manejo inapropiado de la memoria puede conllevar a una ejecución de código remota • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-020 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. Stormshield Network Security (SNS) versiones anteriores a 4.2.2, permite que un administrador de sólo lectura obtenga privilegios por medio de comandos CLI • https://advisories.stormshield.eu https://advisories.stormshield.eu/2021-007 https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. En Stormshield SSO Agent 2.x versiones anteriores a 2.1.1 y versiones 3.x anteriores a 3.0.2, la contraseña de usuario en texto sin cifrar y el PSK están contenidos en el archivo de registro del instalador .exe • https://advisories.stormshield.eu/2022-001 • CWE-532: Insertion of Sensitive Information into Log File •